pkg:Go/github.com/mattermost/mattermost-server/v6

204 total CVEsCRITICAL5HIGH14MEDIUM134LOW51

✅ Check your installed version

All known vulnerabilities

CRITICAL9.9CVE-2025-12421Mattermost fails to to verify the token used during code exchange in github.com/mattermost/mattermost-server
from 0
CRITICAL9.9CVE-2025-12419Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication
from 0
CRITICAL9.9CVE-2025-4981Mattermost allows authenticated users to write files to arbitrary locations in github.com/mattermost/mattermost-server
from 0
CRITICAL9.9CVE-2025-25279Mattermost allows reading arbitrary files related to importing boards
from 0
CRITICAL9.9CVE-2025-20051Mattermost allows reading arbitrary files
from 0
HIGH8.8CVE-2023-2515Mattermost Incorrect Authorization vulnerability
from 0, < 7.1.8
HIGH8.8CVE-2022-1384Insecure plugin handling in Mattermost
>= 6.4.0, < 6.5.0
HIGH8.8CVE-2022-1384Insecure plugin handling in Mattermost
>= 6.4.0, < 6.5.0
HIGH8.7CVE-2024-39777Mattermost allows unsolicited invites to expose access to local channels
from 0
HIGH8.7CVE-2024-39274Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
from 0
HIGH8.1CVE-2025-58073Mattermost has a Missing Authorization vulnerability
from 0
HIGH8.1CVE-2025-58075Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server
from 0
HIGH8.0CVE-2025-9079Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server
from 0
HIGH7.6CVE-2025-9072Mattermost Open Redirect vulnerability
from 0
HIGH7.5CVE-2026-24458Mattermost fails to properly handle very long passwords
from 0
HIGH7.5CVE-2025-25068Mattermost Fails to Enforce MFA on Plugin Endpoints
from 0
HIGH7.4CVE-2024-36492Mattermost failed to disallow the modification of local users when syncing users in shared channels
from 0
HIGH7.2CVE-2025-14273Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-plugin-jira
from 0
HIGH7.1CVE-2023-6458Mattermost Injection vulnerability
from 0, < 7.8.14
MEDIUM6.8CVE-2025-8023Mattermost Fails to Sanitize Path Traversal Sequences in github.com/mattermost/mattermost-server
from 0
MEDIUM6.8CVE-2025-8023Mattermost Fails to Sanitize Path Traversal Sequences in github.com/mattermost/mattermost-server
from 0, <= 6.7.2
MEDIUM6.8CVE-2025-49222Mattermost Fails to Validate Remote Cluster Upload Sessions in github.com/mattermost/mattermost-server
from 0, <= 5.7.2
MEDIUM6.8CVE-2025-36530Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server
from 0
MEDIUM6.8CVE-2025-49222Mattermost Fails to Validate Remote Cluster Upload Sessions in github.com/mattermost/mattermost-server
from 0
MEDIUM6.8CVE-2025-36530Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server
from 0, <= 6.7.2
MEDIUM6.8CVE-2025-6233Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server
from 0
MEDIUM6.8CVE-2024-39832Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
from 0
MEDIUM6.7CVE-2023-4107Mattermost does not validate requesting user permissions before updating admin details
from 0, < 7.8.8
MEDIUM6.5CVE-2025-55070Mattermost does not enforce MFA on WebSocket connections in github.com/mattermost/mattermost-server
from 0
MEDIUM6.5CVE-2025-9076Mattermost Missing Authorization vulnerability
from 0
MEDIUM6.5CVE-2025-6226Mattermost Missing Authentication for Critical Function
from 0
MEDIUM6.5CVE-2025-41395Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type
from 0
MEDIUM6.5CVE-2025-35965Mattermost Playbooks fails to validate the uniqueness and quantity of task actions
from 0
MEDIUM6.5CVE-2025-20621Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server
from 0
MEDIUM6.5CVE-2025-20086Mattermost fails to properly validate post props
from 0
MEDIUM6.5CVE-2025-20088Mattermost fails to properly validate post props
from 0
MEDIUM6.5CVE-2025-21088Mattermost Incorrect Type Conversion or Cast
from 0
MEDIUM6.5CVE-2024-54682Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
from 0
MEDIUM6.5CVE-2024-54083Mattermost Improper Validation of Specified Type of Input vulnerability
from 0
MEDIUM6.5CVE-2024-2447Mattermost fails to authenticate the source of certain types of post actions
from 0
MEDIUM6.5CVE-2023-5196Mattermost Uncontrolled Resource Consumption vulnerability
from 0, < 7.8.10
MEDIUM6.5CVE-2023-5195Mattermost Incorrect Authorization vulnerability
from 0, < 7.8.10
MEDIUM6.5CVE-2023-1775Mattermost vulnerable to information disclosure
>= 6.0.0, < 7.1.6
MEDIUM6.5CVE-2022-3257Mattermost subject to Denial of Service via upload of special GIF
>= 7.1.0, < 7.2.0
MEDIUM6.5CVE-2022-2401Mattermost users could access some sensitive information via API call
from 0, < 6.3.9
MEDIUM6.5CVE-2022-2401Mattermost users could access some sensitive information via API call
from 0, < 6.3.9, >= 6.4.0, < 6.5.2, >= 6.6.0, < 6.6.2, >= 6.7.0, < 6.7.1
MEDIUM6.5CVE-2022-1337Resource exhaustion in Mattermost
from 0, < 6.4.2
MEDIUM6.5CVE-2022-1337Resource exhaustion in Mattermost
from 0, < 6.4.2
MEDIUM6.3CVE-2023-4106Mattermost fails to check if user is a guest before performing actions on public playbooks
>= 7.9.0, < 7.9.6
MEDIUM6.0CVE-2024-42497Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams
from 0
MEDIUM5.8CVE-2025-31947Mattermost Fails to Lockout LDAP Users After Repeated Login Failures
from 0
MEDIUM5.7CVE-2025-13821Mattermost fails to sanitize sensitive data in WebSocket messages
from 0
MEDIUM5.5CVE-2024-41144Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
from 0
MEDIUM5.4CVE-2026-0999Mattermost fails to properly validate login method restrictions
from 0
MEDIUM5.4CVE-2025-55073Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL
from 0
MEDIUM5.4CVE-2025-41410Mattermost has a Missing Authorization vulnerability
from 0
MEDIUM5.4CVE-2025-46702Mattermost Incorrect Authorization vulnerability
from 0
MEDIUM5.4CVE-2025-3230Mattermost fails to properly invalidate personal access tokens upon user deactivation in github.com/mattermost/mattermost-server
from 0
MEDIUM5.4CVE-2025-2475Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm
from 0
MEDIUM5.4CVE-2025-27933Mattermost allows members with permission to convert public channels to private and convert private to public in github.com/mattermost/mattermost-server
from 0
MEDIUM5.4CVE-2024-47003Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
from 0
MEDIUM5.4CVE-2023-1776Mattermost vulnerable to cross-site scripting (XSS)
>= 6.0.0, < 7.1.6
MEDIUM5.4CVE-2023-1774Mattermost fails to properly authentication inviter's permissions to private channel
>= 6.0.0, < 7.1.6
MEDIUM5.3CVE-2026-2456Mattermost fails to limit the size of responses from integration action endpoints
from 0
MEDIUM5.3CVE-2025-3913Mattermost improperly allows team administrators to modify team invites
from 0
MEDIUM5.3CVE-2025-27936Mattermost vulnerable to Observable Timing Discrepancy
from 0
MEDIUM5.3CVE-2023-6459Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
from 0, < 7.8.14
MEDIUM5.3CVE-2023-48369Mattermost Uncontrolled Resource Consumption vulnerability
from 0, < 7.8.13
MEDIUM5.3CVE-2023-5969Mattermost vulnerable to excessive memory consumption
from 0, < 7.8.12
MEDIUM5.3CVE-2023-1777Mattermost vulnerable to information disclosure
>= 6.3.0, < 7.1.6
MEDIUM4.9CVE-2025-11794Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server
from 0
MEDIUM4.9CVE-2025-8402Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server
from 0, <= 6.7.2
MEDIUM4.9CVE-2025-8402Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server
from 0
MEDIUM4.9CVE-2023-5968Mattermost password hash disclosure vulnerability
>= 5.4.0-rc1, < 7.8.12
MEDIUM4.8CVE-2024-48872Mattermost Race Condition vulnerability
from 0
MEDIUM4.8CVE-2024-39836Mattermost allows remote/synthetic users to create sessions, reset passwords
from 0
MEDIUM4.7CVE-2025-32093Mattermost Fails to Restrict Certain Operations on System Admins
from 0
MEDIUM4.7CVE-2024-8071Mattermost doesn't restrict which roles can promote a user as system admin
from 0
MEDIUM4.7CVE-2024-29221Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
from 0
MEDIUM4.6CVE-2024-46872Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
from 0
MEDIUM4.6CVE-2024-40886Mattermost Cross-Site Request Forgery vulnerability
from 0
MEDIUM4.6CVE-2022-1385Improper Control of a Resource Through its Lifetime in Mattermost
from 0, < 6.5.0
MEDIUM4.6CVE-2022-1385Improper Control of a Resource Through its Lifetime in Mattermost
from 0, < 6.5.0
MEDIUM4.5CVE-2023-4108Mattermost fails to sanitize post metadata
from 0, < 7.8.8
MEDIUM4.3CVE-2026-2455Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation
from 0
MEDIUM4.3CVE-2026-24692Mattermost fails to properly enforce read permissions in search API endpoints
from 0
MEDIUM4.3CVE-2026-21386Mattermost fails to use consistent error responses when handling the /mute command
from 0
MEDIUM4.3CVE-2026-4265Mattermost fails to validate team-specific upload_file permissions
from 0
MEDIUM4.3CVE-2026-2578Mattermost fails to preserve the redacted state of burn-on-read posts during deletion
from 0
MEDIUM4.3CVE-2026-2463Mattermost fails to filter invite IDs based on user permissions
from 0
MEDIUM4.3CVE-2026-2458Mattermost allows a removed team member to enumerate all public channels within a private team
from 0
MEDIUM4.3CVE-2026-25783Mattermost fails to properly validate User-Agent header tokens
from 0
MEDIUM4.3CVE-2026-26246Mattermost fails to bound memory allocation when processing PSD image files
from 0
MEDIUM4.3CVE-2026-25780Mattermost fails to bound memory allocation when processing DOC files
from 0
MEDIUM4.3CVE-2026-2457Mattermost allows attackers to spoof permalink embeds
from 0
MEDIUM4.3CVE-2025-14350Mattermost fails to properly validate team membership when processing channel mentions
from 0
MEDIUM4.3CVE-2025-13767Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues
from 0
MEDIUM4.3CVE-2025-13324Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation
from 0
MEDIUM4.3CVE-2025-12756Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
from 0
MEDIUM4.3CVE-2025-12559Mattermost fails to sanitize team email addresses
from 0
MEDIUM4.3CVE-2025-11776Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
from 0
MEDIUM4.3CVE-2025-11776Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
from 0, < 5.3.2-0.20250815165020-c8d66301415d
MEDIUM4.3CVE-2025-9078Mattermost makes Use of Weak Hash
from 0
MEDIUM4.3CVE-2025-6465Mattermost Fails to Sanitize File Names in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2025-47870Mattermost Does Not Sanitize the Team Invite ID
from 0
MEDIUM4.3CVE-2025-47870Mattermost Does Not Sanitize the Team Invite ID
from 0, <= 6.7.2
MEDIUM4.3CVE-2025-47871Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2025-3228Mattermost allows an unauthorized Guest user access to Playbook
from 0
MEDIUM4.3CVE-2025-3227Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2025-2527Mattermost Fails to Verify User's Permissions When Accessing Groups in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2025-3446Mattermost Fails to Validate Team Invite Permissions
from 0
MEDIUM4.3CVE-2025-2564Mattermost Incorrect Authorization vulnerability
from 0
MEDIUM4.3CVE-2025-27571Mattermost Incorrect Authorization vulnerability
from 0
MEDIUM4.3CVE-2025-30179Mattermost Fails to Enforce Certain Search APIs
from 0
MEDIUM4.3CVE-2025-25274Mattermost Fails to Restrict Command Execution in Archived Channels
from 0
MEDIUM4.3CVE-2025-24920Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2025-1472Mattermost Fails to Properly Perform Viewer Role Authorization
from 0
MEDIUM4.3CVE-2025-24526Mattermost fails to restrict channel export of archived channels in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2025-20033Mattermost Improper Validation of Specified Type of Input vulnerability
from 0
MEDIUM4.3CVE-2024-47401Mattermost Server vulnerable to application crash from attacker-generated large response
from 0
MEDIUM4.3CVE-2024-10241Mattermost Server allows user to get private channel names
from 0
MEDIUM4.3CVE-2024-50052Mattermost server allows authenticated user to delete arbitrary post
from 0
MEDIUM4.3CVE-2024-43780Mattermost allows guest user with read access to upload files to a channel
from 0
MEDIUM4.3CVE-2024-32939Mattermost doesn't redact remote users' original email addresses
from 0
MEDIUM4.3CVE-2024-39839Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2024-28949Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2024-1953Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2024-1942Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2024-23493Mattermost leaks details of AD/LDAP groups of a teams
from 0
MEDIUM4.3CVE-2024-24988Mattermost denial of service through long emoji value
from 0
MEDIUM4.3CVE-2024-1887Mattermost post fetching without auditing in compliance export
from 0
MEDIUM4.3CVE-2024-1888Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
from 0
MEDIUM4.3CVE-2024-1402Mattermost vulnerable to denial of service via large number of emoji reactions
from 0
MEDIUM4.3CVE-2023-47858Mattermost viewing archived public channels permissions vulnerability
from 0, < 7.8.10
MEDIUM4.3CVE-2023-48732Mattermost notified all users in the channel when using WebSockets to respond individually
from 0
MEDIUM4.3CVE-2023-47858Mattermost viewing archived public channels permissions vulnerability
from 0
MEDIUM4.3CVE-2023-48732Mattermost notified all users in the channel when using WebSockets to respond individually
from 0, < 8.1.7
MEDIUM4.3CVE-2023-6202Mattermost Improper Access Control vulnerability
from 0, < 7.8.13
MEDIUM4.3CVE-2023-45223Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
from 0, < 7.8.13
MEDIUM4.3CVE-2023-47865Mattermost Improper Access Control vulnerability
from 0, < 7.8.13
MEDIUM4.3CVE-2023-43754Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
from 0, < 7.8.13
MEDIUM4.3CVE-2023-48268Mattermost Uncontrolled Resource Consumption vulnerability
from 0, < 7.8.13
MEDIUM4.3CVE-2023-47168Mattermost Open Redirect vulnerability
from 0, < 7.8.13
MEDIUM4.3CVE-2023-40703Mattermost Uncontrolled Resource Consumption vulnerability
from 0, < 7.8.13
MEDIUM4.3CVE-2023-5967Mattermost denial of service vulnerability
from 0, < 7.8.12
MEDIUM4.3CVE-2023-5194Mattermost Incorrect Authorization vulnerability
from 0, < 7.8.10
MEDIUM4.3CVE-2023-2783Mattermost Server Missing Authorization vulnerability
>= 7.10.0, < 7.10.1
MEDIUM4.3CVE-2022-1332Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
>= 6.4.0, < 6.4.2
MEDIUM4.3CVE-2022-1332Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
>= 6.0.0, < 6.2.5, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.2
MEDIUM4.2CVE-2025-2571Mattermost fails to clear Google OAuth credentials
from 0
MEDIUM4.1CVE-2025-64641Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin
from 0
MEDIUM4.1CVE-2025-4573Mattermost allows authenticated administrator to execute LDAP search filter injection
from 0
MEDIUM4.1CVE-2024-41162Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
from 0
LOW3.8CVE-2025-14573Mattermost fails to enforce invite permissions when updating team settings
from 0
LOW3.8CVE-2025-53971Mattermost Fails to Properly Validate Team Role Modification
from 0, <= 6.7.2
LOW3.8CVE-2025-53971Mattermost Fails to Properly Validate Team Role Modification
from 0
LOW3.8CVE-2025-22449Mattermost Incorrect Authorization vulnerability
from 0
LOW3.8CVE-2024-39837Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
from 0, < 6.0.0-20240626164322-c758cecaf30c
LOW3.8CVE-2024-39837Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
from 0
LOW3.7CVE-2023-50333Mattermost allows demoted guests to change group names
from 0
LOW3.7CVE-2023-7113Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
from 0
LOW3.5CVE-2025-49810Mattermost Lack of Access Control Validation in github.com/mattermost/mattermost-server
from 0
LOW3.5CVE-2025-47700Mattermost Server SSRF Vulnerability via the Agents Plugin in github.com/mattermost/mattermost-server
from 0
LOW3.5CVE-2025-22445Mattermost has Improper Check for Unusual or Exceptional Conditions
from 0
LOW3.5CVE-2024-10214Mattermost incorrectly issues two sessions when using desktop SSO
from 0
LOW3.3CVE-2025-27715Mattermost fail to prompt for explicit approval before adding a team admin to a private channel
from 0
LOW3.1CVE-2026-22545Mattermost fails to validate user's authentication method when processing account auth type switch
from 0
LOW3.1CVE-2025-62690Mattermost has missing redirect URL validation in github.com/mattermost/mattermost
from 0
LOW3.1CVE-2025-13870Mattermost fails to validate user permissions in Boards
from 0
LOW3.1CVE-2025-41436Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2025-11777Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
from 0
LOW3.1CVE-2025-11777Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
from 0, < 5.3.2-0.20250905150616-ba86dfc5876b
LOW3.1CVE-2025-10545Mattermost has an Incorrect Authorization vulnerability
from 0
LOW3.1CVE-2025-54499Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2025-9081Mattermost boards plugin fails to restrict download access to files
from 0
LOW3.1CVE-2025-9084Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2025-4128Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2025-3611Mattermost fails to properly enforce access control restrictions for System Manager roles
from 0
LOW3.1CVE-2025-1792Mattermost fails to properly enforce access controls for guest users in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2025-41423Mattermost Playbooks fails to properly validate permissions
from 0
LOW3.1CVE-2025-24839Mattermost Incorrect Authorization vulnerability
from 0
LOW3.1CVE-2025-2424Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2025-1412Mattermost fails to invalidate all active sessions when converting a user to a bot in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2024-21848Mattermost Server Improper Access Control
from 0
LOW3.1CVE-2024-28053Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
from 0, < 0.0.0-20240209181221-674f549daf0e
LOW3.1CVE-2024-28053Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
from 0
LOW3.1CVE-2024-1952Mattermost incorrectly allows access individual posts
from 0
LOW3.1CVE-2024-23488Mattermost fails to properly restrict the access of files attached to posts
from 0
LOW3.1CVE-2024-24776Mattermost fails to check the required permissions
from 0
LOW3.1CVE-2023-35075Mattermost Injection vulnerability
from 0, < 7.8.13
LOW3.1CVE-2023-4105Mattermost fails to correctly delete attachments
>= 7.9.0, < 7.9.6
LOW3.0CVE-2025-13352Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost
from 0
LOW3.0CVE-2025-55074Mattermost allows other users to determine when users had read channels via channel member objects
from 0
LOW3.0CVE-2025-31363Mattermost doesn't restrict domains LLM can request to contact upstream
from 0
LOW2.7CVE-2025-2570Mattermost Fails to Check User Access to `ExperimentalSettings`
from 0
LOW2.7CVE-2025-24866Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint
from 0
LOW2.7CVE-2024-40884Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
from 0
LOW2.7CVE-2024-41926Mattermost allows remote actor to set arbitrary RemoteId values for synced users
from 0
LOW2.7CVE-2024-29977Mattermost failed to properly validate synced reactions
from 0
LOW2.7CVE-2023-5193Mattermost Incorrect Authorization vulnerability
from 0, < 7.8.10
LOW2.7CVE-2023-5159Mattermost Incorrect Authorization vulnerability
from 0, < 7.8.10
LOW2.6CVE-2024-1949Mattermost race condition
from 0
LOW2.2CVE-2025-6227Mattermost has Insufficiently Protected Credentials
from 0
LOW2.2CVE-2025-27538Mattermost Missing Authentication for Critical Function
from 0